summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2012-11-19 10:26:18 +0100
committerJakub Hrozek <jhrozek@redhat.com>2012-11-19 22:19:29 +0100
commite0d861963e10c5aba79ad87f8c48b0ce1bec06ca (patch)
treec286fb4d0eb6d0955644e85f4042c35eecdf0687
parent73291a9e0b9bcaf56e9858c7ea2226b5b0f6e26c (diff)
downloadsssd-e0d861963e10c5aba79ad87f8c48b0ce1bec06ca.tar.gz
sssd-e0d861963e10c5aba79ad87f8c48b0ce1bec06ca.tar.bz2
sssd-e0d861963e10c5aba79ad87f8c48b0ce1bec06ca.zip
LDAP: Provide a common sdap_set_sasl_options init function
The AD and IPA initialization functions shared the same code. This patch moves the code into a common initialization function.
-rw-r--r--src/providers/ad/ad_common.c52
-rw-r--r--src/providers/ipa/ipa_common.c55
-rw-r--r--src/providers/ldap/ldap_common.c72
-rw-r--r--src/providers/ldap/ldap_common.h7
4 files changed, 95 insertions, 91 deletions
diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
index 21a7b534..8600dab2 100644
--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -422,13 +422,7 @@ ad_get_id_options(struct ad_options *ad_opts,
TALLOC_CTX *tmp_ctx;
struct sdap_options *id_opts;
char *krb5_realm;
- char *sasl_primary;
- char *desired_primary;
- char *sasl_realm;
- char *desired_realm;
char *keytab_path;
- bool primary_requested = true;
- bool realm_requested = true;
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) return ENOMEM;
@@ -478,19 +472,6 @@ ad_get_id_options(struct ad_options *ad_opts,
id_opts->basic[SDAP_KRB5_REALM].opt_name,
krb5_realm));
- /* Configuration of SASL auth ID and realm */
- desired_primary = dp_opt_get_string(id_opts->basic, SDAP_SASL_AUTHID);
- if (!desired_primary) {
- primary_requested = false;
- desired_primary = dp_opt_get_string(ad_opts->basic, AD_HOSTNAME);
- }
-
- desired_realm = dp_opt_get_string(id_opts->basic, SDAP_SASL_REALM);
- if (!desired_realm) {
- realm_requested = false;
- desired_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
- }
-
keytab_path = dp_opt_get_string(ad_opts->basic, AD_KEYTAB);
if (keytab_path) {
ret = dp_opt_set_string(id_opts->basic, SDAP_KRB5_KEYTAB,
@@ -502,34 +483,17 @@ ad_get_id_options(struct ad_options *ad_opts,
keytab_path));
}
- ret = select_principal_from_keytab(tmp_ctx,
- desired_primary, desired_realm,
- keytab_path, NULL,
- &sasl_primary, &sasl_realm);
- if (ret != EOK) goto done;
-
- if ((primary_requested && strcmp(desired_primary, sasl_primary) != 0) ||
- (realm_requested && strcmp(desired_realm, sasl_realm) != 0)) {
- DEBUG(SSSDBG_FATAL_FAILURE,
- ("Configured SASL auth ID/realm not found in keytab.\n"));
- ret = ENOENT;
+ ret = sdap_set_sasl_options(id_opts,
+ dp_opt_get_string(ad_opts->basic,
+ AD_HOSTNAME),
+ dp_opt_get_string(ad_opts->basic,
+ AD_KRB5_REALM),
+ keytab_path);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Cannot set the SASL-related options\n"));
goto done;
}
- ret = dp_opt_set_string(id_opts->basic, SDAP_SASL_AUTHID, sasl_primary);
- if (ret != EOK) goto done;
- DEBUG(SSSDBG_CONF_SETTINGS,
- ("Option %s set to %s\n",
- id_opts->basic[SDAP_SASL_AUTHID].opt_name,
- sasl_primary));
-
- ret = dp_opt_set_string(id_opts->basic, SDAP_SASL_REALM, sasl_realm);
- if (ret != EOK) goto done;
- DEBUG(SSSDBG_CONF_SETTINGS,
- ("Option %s set to %s\n",
- id_opts->basic[SDAP_SASL_REALM].opt_name,
- sasl_realm));
-
/* fix schema to AD */
id_opts->schema_type = SDAP_SCHEMA_AD;
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index db736921..4c68f61d 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -168,14 +168,9 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
struct sdap_options **_opts)
{
TALLOC_CTX *tmpctx;
- char *primary;
char *basedn;
char *realm;
char *value;
- char *desired_realm;
- char *desired_primary;
- bool primary_requested = true;
- bool realm_requested = true;
int ret;
int i;
@@ -248,51 +243,17 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
dp_opt_get_string(ipa_opts->id->basic, SDAP_KRB5_REALM)));
}
- /* Configuration of SASL auth ID and realm */
- desired_primary = dp_opt_get_string(ipa_opts->id->basic, SDAP_SASL_AUTHID);
- if (!desired_primary) {
- primary_requested = false;
- desired_primary = dp_opt_get_string(ipa_opts->id->basic, IPA_HOSTNAME);
- }
- desired_realm = dp_opt_get_string(ipa_opts->id->basic, SDAP_SASL_REALM);
- if (!desired_realm) {
- realm_requested = false;
- desired_realm = dp_opt_get_string(ipa_opts->id->basic, SDAP_KRB5_REALM);
- }
-
- ret = select_principal_from_keytab(tmpctx,
- desired_primary, desired_realm,
- dp_opt_get_string(ipa_opts->id->basic,
- SDAP_KRB5_KEYTAB),
- NULL, &primary, &realm);
- if (ret != EOK) {
- goto done;
- }
-
- if ((primary_requested && strcmp(desired_primary, primary) != 0) ||
- (realm_requested && strcmp(desired_realm, realm) != 0)) {
- DEBUG(1, ("Configured SASL auth ID/realm not found in keytab.\n"));
- ret = ENOENT;
- goto done;
- }
-
- ret = dp_opt_set_string(ipa_opts->id->basic,
- SDAP_SASL_AUTHID, primary);
- if (ret != EOK) {
- goto done;
- }
- DEBUG(6, ("Option %s set to %s\n",
- ipa_opts->id->basic[SDAP_SASL_AUTHID].opt_name,
- dp_opt_get_string(ipa_opts->id->basic, SDAP_SASL_AUTHID)));
-
- ret = dp_opt_set_string(ipa_opts->id->basic,
- SDAP_SASL_REALM, realm);
+ ret = sdap_set_sasl_options(ipa_opts->id,
+ dp_opt_get_string(ipa_opts->id->basic,
+ IPA_HOSTNAME),
+ dp_opt_get_string(ipa_opts->id->basic,
+ SDAP_KRB5_REALM),
+ dp_opt_get_string(ipa_opts->id->basic,
+ SDAP_KRB5_KEYTAB));
if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Cannot set the SASL-related options\n"));
goto done;
}
- DEBUG(6, ("Option %s set to %s\n",
- ipa_opts->id->basic[SDAP_SASL_REALM].opt_name,
- dp_opt_get_string(ipa_opts->id->basic, SDAP_SASL_REALM)));
/* fix schema to IPAv1 for now */
ipa_opts->id->schema_type = SDAP_SCHEMA_IPA_V1;
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index da5786fb..07e9c5d4 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -999,6 +999,78 @@ done:
return ret;
}
+errno_t
+sdap_set_sasl_options(struct sdap_options *id_opts,
+ char *default_primary,
+ char *default_realm,
+ const char *keytab_path)
+{
+ errno_t ret;
+ TALLOC_CTX *tmp_ctx;
+ char *sasl_primary;
+ char *desired_primary;
+ char *sasl_realm;
+ char *desired_realm;
+ bool primary_requested = true;
+ bool realm_requested = true;
+
+ tmp_ctx = talloc_new(NULL);
+ if (!tmp_ctx) return ENOMEM;
+
+ /* Configuration of SASL auth ID and realm */
+ desired_primary = dp_opt_get_string(id_opts->basic, SDAP_SASL_AUTHID);
+ if (!desired_primary) {
+ primary_requested = false;
+ desired_primary = default_primary;
+ }
+
+ desired_realm = dp_opt_get_string(id_opts->basic, SDAP_SASL_REALM);
+ if (!desired_realm) {
+ realm_requested = false;
+ desired_realm = default_realm;
+ }
+
+ ret = select_principal_from_keytab(tmp_ctx,
+ desired_primary, desired_realm,
+ keytab_path,
+ NULL, &sasl_primary, &sasl_realm);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ if ((primary_requested && strcmp(desired_primary, sasl_primary) != 0) ||
+ (realm_requested && strcmp(desired_realm, sasl_realm) != 0)) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Configured SASL auth ID/realm not found in keytab.\n"));
+ ret = ENOENT;
+ goto done;
+ }
+
+ ret = dp_opt_set_string(id_opts->basic,
+ SDAP_SASL_AUTHID, sasl_primary);
+ if (ret != EOK) {
+ goto done;
+ }
+ DEBUG(SSSDBG_CONF_SETTINGS, ("Option %s set to %s\n",
+ id_opts->basic[SDAP_SASL_AUTHID].opt_name,
+ dp_opt_get_string(id_opts->basic, SDAP_SASL_AUTHID)));
+
+ ret = dp_opt_set_string(id_opts->basic,
+ SDAP_SASL_REALM, sasl_realm);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ DEBUG(SSSDBG_CONF_SETTINGS, ("Option %s set to %s\n",
+ id_opts->basic[SDAP_SASL_REALM].opt_name,
+ dp_opt_get_string(id_opts->basic, SDAP_SASL_REALM)));
+
+ ret = EOK;
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
static const char *
sdap_gssapi_get_default_realm(TALLOC_CTX *mem_ctx)
{
diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
index 034dc995..86079fa6 100644
--- a/src/providers/ldap/ldap_common.h
+++ b/src/providers/ldap/ldap_common.h
@@ -228,4 +228,11 @@ sdap_attrs_get_sid_str(TALLOC_CTX *mem_ctx,
struct sysdb_attrs *sysdb_attrs,
const char *sid_attr,
char **_sid_str);
+
+errno_t
+sdap_set_sasl_options(struct sdap_options *id_opts,
+ char *default_primary,
+ char *default_realm,
+ const char *keytab_path);
+
#endif /* _LDAP_COMMON_H_ */